// DefaultTemplate builds the template used to provision a new project. The
// returned template holds, in order: the Project object, an "admins"
// RoleBinding that references bootstrappolicy.AdminRoleName, and every binding
// returned by bootstrappolicy.GetBootstrapServiceAccountProjectRoleBindings.
// Names and annotation values are "${PARAM}" placeholders; one Parameter entry
// is appended for each name in parameters.
//
// NOTE(review): whatever value is substituted for ProjectAdminUserParam ends up
// in the "admins" binding, so the code that instantiates this template
// presumably has to set it from the authenticated requester rather than from
// free-form input. Confirm against the instantiation path.
func DefaultTemplate() *templateapi.Template {
	// placeholder wraps a parameter name in the "${...}" substitution syntax.
	placeholder := func(name string) string {
		return "${" + name + "}"
	}

	tmpl := &templateapi.Template{}
	tmpl.Name = DefaultTemplateName

	// The project name doubles as the namespace of every binding below.
	namespace := placeholder(ProjectNameParam)

	proj := &projectapi.Project{}
	proj.Name = namespace
	proj.Annotations = map[string]string{
		projectapi.ProjectDescription: placeholder(ProjectDescriptionParam),
		projectapi.ProjectDisplayName: placeholder(ProjectDisplayNameParam),
	}
	tmpl.Objects = append(tmpl.Objects, proj)

	// Binding that ties the admin-user placeholder to the admin role.
	admins := &authorizationapi.RoleBinding{}
	admins.Name = "admins"
	admins.Namespace = namespace
	admins.Users = util.NewStringSet(placeholder(ProjectAdminUserParam))
	admins.RoleRef.Name = bootstrappolicy.AdminRoleName
	tmpl.Objects = append(tmpl.Objects, admins)

	// Append a pointer to each element itself, not to a loop-variable copy.
	saBindings := bootstrappolicy.GetBootstrapServiceAccountProjectRoleBindings(namespace)
	for i := 0; i < len(saBindings); i++ {
		tmpl.Objects = append(tmpl.Objects, &saBindings[i])
	}

	for _, name := range parameters {
		param := templateapi.Parameter{}
		param.Name = name
		tmpl.Parameters = append(tmpl.Parameters, param)
	}

	return tmpl
}
// Run creates the project named o.ProjectName and then attaches its role
// bindings: o.AdminUser (when non-empty) is added to o.AdminRole, followed by
// every binding returned by
// bootstrappolicy.GetBootstrapServiceAccountProjectRoleBindings. The
// node-selector annotation is written only when useNodeSelector is true.
//
// The sequence is not transactional. A failure while adding a role is printed
// to stdout and collected, but the project has already been created by then.
// A non-nil return after the "Created project" message therefore means the
// project may exist without its admin or service-account bindings, and the
// caller should treat that as partial state to repair or clean up.
//
// Lookup and create errors are returned as-is. Role errors are returned via
// errorsutil.NewAggregate (presumably nil when nothing failed; confirm).
func (o *NewProjectOptions) Run(useNodeSelector bool) error {
	// Early, friendlier failure only: nothing here stops another client from
	// creating the same name between this Get and the Create below.
	_, lookupErr := o.Client.Projects().Get(o.ProjectName)
	switch {
	case lookupErr == nil:
		return fmt.Errorf("project %v already exists", o.ProjectName)
	case !kerrors.IsNotFound(lookupErr):
		return lookupErr
	}

	annotations := map[string]string{
		projectapi.ProjectDescription: o.Description,
		projectapi.ProjectDisplayName: o.DisplayName,
	}
	if useNodeSelector {
		annotations[projectapi.ProjectNodeSelector] = o.NodeSelector
	}

	request := &projectapi.Project{}
	request.Name = o.ProjectName
	request.Annotations = annotations

	created, err := o.Client.Projects().Create(request)
	if err != nil {
		return err
	}
	fmt.Printf("Created project %v\n", o.ProjectName)

	failures := []error{}

	// Admin binding: uses the name of the project as returned by Create.
	if o.AdminUser != "" {
		grantAdmin := &policy.RoleModificationOptions{
			RoleName:            o.AdminRole,
			RoleBindingAccessor: policy.NewLocalRoleBindingAccessor(created.Name, o.Client),
			Users:               []string{o.AdminUser},
		}
		if addErr := grantAdmin.AddRole(); addErr != nil {
			fmt.Printf("%v could not be added to the %v role: %v\n", o.AdminUser, o.AdminRole, addErr)
			failures = append(failures, addErr)
		}
	}

	// Service-account bindings: keep going after a failure so that every
	// binding is attempted and every error is reported.
	saBindings := bootstrappolicy.GetBootstrapServiceAccountProjectRoleBindings(o.ProjectName)
	for i := range saBindings {
		b := saBindings[i]
		grant := &policy.RoleModificationOptions{
			RoleName:            b.RoleRef.Name,
			RoleNamespace:       b.RoleRef.Namespace,
			RoleBindingAccessor: policy.NewLocalRoleBindingAccessor(o.ProjectName, o.Client),
			Users:               b.Users.List(),
			Groups:              b.Groups.List(),
		}
		if addErr := grant.AddRole(); addErr != nil {
			fmt.Printf("Could not add service accounts to the %v role: %v\n", b.RoleRef.Name, addErr)
			failures = append(failures, addErr)
		}
	}

	return errorsutil.NewAggregate(failures)
}